One of the largest problems in software security is choosing to look the other way. Even with multiple regulation departments, many managers choose to look the other way on security issues, what can be done?

Management is ignoring potential security issues in our Web environment. What can our development and QA staff do, to get them to take security seriously?

You've hit one of the greatest barriers to application security success: Ignorance. Even with all the government and industry regulations mandating reasonable security controls many managers continue to ignore the issue. You're on the right track because the people running your business are the only ones that can truly fix this issue long term.

What you have to do is show them how the general risks and specific vulnerabilities impact the business. Get on their side. Go to business meetings and put things in terms of them and the business. Beyond that, show how improvements in your code are being made and how periodic security assessments are paying off. Perhaps most importantly -- never stop. Application security is an ongoing thing that'll never go away. Don't feed them fear but rather persistent education regarding what they're up against. They'll eventually come around.

More team and relationship building tips:

Tips for software testers: Getting along with developers End software project slowdowns caused by fighting between software testers and developers with these four tips. Learn how to report application bugs diplomatically and accurately with veteran tester David Christiansen's guidelines.

Start the conversation

0 comments

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.